Hansa bug bounty program

Dark Web marketplace Hansa has launched a bug bounty program to deal with security issues that might allow other hackers or law enforcement to identify and deanonymize the site's owners and users.

The bug bounty program launched last week and was announced on the site (image above) and via a Reddit post.

According to the official announcement, Hansa admins are willing to pay up to 10 Bitcoin (~$10,200) for security issues, which is on par with what most Silicon Valley companies pay bug hunters via their official security vulnerability programs (SVPs).

Just like any other bug bounty program, in order to be elligible for a reward, attackers must not cause any downtime to the main service, and they must not access other users' accounts. Demoing bugs is only allowed on for-testing accounts only.

Based on severity of the bug and completeness of the submission,
which we will decide at our sole discretion, we offer the following rewards:

    Vulnerabilities that could severely disrupt HANSA's integrity (for example any IP address, personal information of a user or vendor): 10 BTC
    Non critical exploits and vulnerabilities that can take the market offline: 1 BTC
    Simple display bugs or unintended behavior (NOT typos or grammar): 0.05 BTC

To be eligible, you must demonstrate a security compromise on our market using a reproducible exploit.
Should you encounter a bug please open a ticket and inform us about your findings.

Hansa is a Dark Web portal where users go to buy and sell illegal products such as malware, security exploits, stolen data, guns, drugs, and other illegal products.

No other option

Unlike legitimate businesses, Hansa site operators can't file a complaint with the police or FBI that someone hacked their service.

Hansa admins are trying to appeal to the hackers' good will by rewarding them for any security issues they find.

Some of these vulnerabilities have the potential of destroying a market's reputation if hackers can steal Bitcoin from user deposits or read their private messages.

Last week, AlphaBay, another Dark Web marketplace paid an undisclosed sum to a hacker who found a flaw that allowed him to read over 218,000 private messages that contained sensitive information such as delivery addresses, Bitcoin wallet IDs, tracking numbers, and others.

In the past, hackers successfully extorted other Dark Web marketplaces, such as SilkRoad, threatening to take down the site or send details about the site and its owners to local law enforcement.

Related Articles:

Microsoft Released Hyper-V Debug Symbols for the Hyper-V Bug Bounty Program

Facebook Wants Security Researchers to Hunt Down Apps That Misuse User Data